Your USB drive could be hiding some awful new malware
And it's spreading far, so keep your USB drives protected
A rampart new malware strain exploiting USB drives is quickly spreading across the globe, experts have warned.
Cybersecurity firm Check Point published a report outlining how a Chinese state-sponsored group called as Camaro Dragon (also known as Mustang Panda and LuminousMoth) is spreading the malware on a wide scale via infected USB drivers.
WispRider is the name of the main variant being used, which has undergone numerous iterations. It uses the HopperTrick launcher to propagate via USB, and also has a feature to bypass SmadAV, a popular antivirus solution in Southeast Asia.
Protecting your business from the biggest threats online
Perimeter 81's Malware Protection intercepts threats at the delivery stage to prevent known malware, polymorphic attacks, zero-day exploits, and more. Let your people use the web freely without risking data and network security.
Preferred partner (What does this mean?)
WispRider
This region is where the malware began operating, but it then self-propagated through USB drives to other regions of the world. In early 2023, the Check Point Incident Response Team (CPIRT) team found the malware had reached a European healthcare institution.
WispRider is also capable of DLL sideloading, using components belonging to security software, such as G-DATA Total Security, and those belonging to Electronic Arts and Riot Games, two giants in the gaming world. Check Point notified the above companies that attackers had used their respective software.
Check Point says, "The prevalence and nature of the attacks using self-propagating USB malware demonstrate the need of protecting against those, even for organizations that may not be the direct targets of such campaigns."
It claims to have found USB malware infections in other countries around the world, including Myanmar, South Korea, Great Britain, India and Russia.
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
Check Point also notes that WispRider aligns with other tools used by Camaro Dragon recently, such as a backdoor called TinyNote and a router firmware implant called HorseShell. "All of them share infrastructure and operational goals," claims Check Point.
Since the case witnessed at the European hospital, the malware has been upgraded. Now it has a more unified structure, whereby the USB infector, evasions module and backdoor are combined into one payload, as opposed to a separate set of legitimate executables and side-loaded DLLs.
The coding of the malware components has also been revamped, with newer versions of all components now written in C++, whereas the USB launcher was written in Delphi.
- These are the best endpoint protection tools around
Lewis Maddison is a Reviews Writer for TechRadar. He previously worked as a Staff Writer for our business section, TechRadar Pro, where he had experience with productivity-enhancing hardware, ranging from keyboards to standing desks. His area of expertise lies in computer peripherals and audio hardware, having spent over a decade exploring the murky depths of both PC building and music production. He also revels in picking up on the finest details and niggles that ultimately make a big difference to the user experience.